Friday, 16 December 2011

Friday, 9 December 2011

Short and basic info about XSS attacks.

Cross-site scripting is a quite new website attack technique, and it is very common today.

Cross-site scripting goes by two abbreviations, XSS and CSS; the first is preferred over the second. Usually only websites that use dynamic content can have a cross-site scripting vulnerability. There are two kinds of XSS attack: reflected and stored.

The malicious user has discovered that a field within a website or web application has an XSS vulnerability. This malicious user then crafts a way to use the vulnerability to execute something malicious against some unknown user. Reflected XSS vulnerabilities occur when an unknowing user is directed by the malicious user to a web application that has an XSS vulnerability. Once the unknowing user reaches the website or application, the malicious user's attack is executed.
The attack is crafted as a series of URL parameters that are sent in a URL. The malicious user then sends the malicious URL with its parameters to unknowing users. This is typically sent by email, instant messages, blogs or forums, or any other possible method.

A stored cross-site scripting vulnerability is a variety of attack in which the malicious user can store an attack that will be called and executed at a later time. This kind of attack uses a database as its storage. Stored cross-site scripting vulnerabilities are typically more dangerous than reflected ones. The reason is that the reflected attack is a dynamic attack, while the stored attack only has to be set once.
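The reflected and stored cases described above, with raw output beside HTML-encoded output, as an added example that is not part of the original post. The function names, the URL and the probe string are constructed for illustration, and an in-memory array stands in for the database.

```javascript
// Added example: function names, the URL and the sample inputs are constructed.

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected: the value arrives in the URL parameters of the current request
// and is echoed into the response for whoever followed that URL.
function renderSearch(requestUrl, encode) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return "<p>Results for: " + (encode ? escapeHtml(q) : q) + "</p>";
}

// Stored: the value is written once to storage (an array stands in for the
// database) and rendered for every visitor who loads the page later.
const commentStore = [];
function saveComment(text) {
  commentStore.push(text);
}
function renderComments(encode) {
  return commentStore
    .map((c) => "<li>" + (encode ? escapeHtml(c) : c) + "</li>")
    .join("");
}

// Check for rendered output: did a script tag from user input survive intact?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

const probe = "<script>alert(1)</script>"; // constructed test input
const requestUrl = "https://shop.example/search?q=" + encodeURIComponent(probe);
saveComment(probe);
saveComment("nice post");

for (const encode of [false, true]) {
  console.log(encode ? "encoded output" : "raw output");
  console.log("  reflected:", renderSearch(requestUrl, encode));
  console.log("  stored:   ", renderComments(encode));
  console.log("  live script tag:",
    hasLiveScriptTag(renderSearch(requestUrl, encode) + renderComments(encode)));
}
```

The stored value stays untouched in storage; encoding is applied each time it is written into HTML, which is why the same fix covers both cases.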

Wednesday, 9 November 2011

Where is the network manager applet?

After installing BackTrack 5 or Ubuntu 10.04, there is a problem with displaying the network manager applet in the notification area. Here is the solution:

1. Go to /etc/NetworkManager,
2. Edit nm-system-settings.conf using vi, nano or gedit,
3. Find 'managed=false' and change the value to 'true',
4. Save and exit nm-system-settings.conf,
5. Restart the daemon /etc/init.d/networking,
6. Reboot.

This bug may affect any distribution based on Debian.

Tuesday, 8 November 2011

Secure Copy

If you are looking for an alternative to the File Transfer Protocol, Secure Copy (scp) is very useful and works well.
It is a method, based on the Secure Shell protocol, for transferring files between two hosts:

local - remote
remote - remote

Secure Copy allows sending files/directories to a server, including their basic attributes. SCP is very similar to the RCP protocol known from BSD, but it is more secure because the connection is encrypted.

usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 ... [[user@]host2:]file2

Friday, 4 November 2011

Technical maintenance.

Due to technical maintenance of the project, older posts were deleted.

 

The blog will continue with more information and power :]

Thursday, 27 October 2011

uClinux, embedded system for microcontrollers emulated in Skyeye

Introduction
#########

uClinux is an open source embedded operating system based on the Linux 2.6 kernel. uClinux has support for many architectures, and forms the basis of many products, like network routers, security cameras, DVD or MP3 players, VoIP phones or gateways, scanners, and card readers.

Today I would like to show how to emulate uClinux in an open source emulator for embedded systems called Skyeye.


Skyeye installation
##############

1. First we need to create a folder with an arbitrary name (in this example it will be project) in the home directory and change our current location to it.

  mkdir project
  cd project

2. In the second step we need to download the Skyeye package from its official website www.skyeye.org or another source. You can download it directly to your project directory, or, if your download directory is somewhere else, you will need to move the Skyeye package to the project directory.

  mv ~/Download/skyeye-1.2.6_rcl.tar.bz2 .

3. Third step, unpacking.

  tar jxvf skyeye-1.2.6_rcl.tar.bz2

4. Fourth step, compilation of Skyeye.

  cd skyeye-1.2.6_rcl
  ./configure
  make

5. Modify the .bashrc file to allow running Skyeye from any directory in the base operating system. Open the file, add the two PATH lines, then reload it with source.

  nano ~/.bashrc

  PATH=$PATH:$HOME/project/skyeye-1.2.6_rcl
  export PATH

  source ~/.bashrc


uClinux compilation
################

1. First we need to download the latest uClinux distribution package from the official uClinux website www.uclinux.org. Remember to download it to the project directory or move it from your download directory, just like with Skyeye.

  cd ~/project
  mv ~/Download/uClinux-dist .

2. Second step, unpacking.

  tar zxvf uClinux-dist

3. Third step, distribution configuration for the processor used. This step shows how to customize uClinux depending on the processor used. First change your location to the unpacked distribution directory.

  cd uClinux-dist

Then use the following command to run the uClinux configuration menu:

  make menuconfig

Now you can customize your uClinux according to your microcontroller system. After that, start the compilation by typing

  make

It is possible that you will need to install genromfs.

4. After successful compilation you should find two files in the images directory:

  boot.rom and linux

5. Finally you will need a Skyeye configuration file, which can be downloaded from www.skyeye.org (this file will probably require modification depending on your system).


Running uClinux in Skyeye
###################

1. Change location to the images directory

  cd ~/project/uClinux-dist/images

2. Run uClinux

  skyeye -C ~/myskyeye.conf -e linux

Tip: Windows Server 2008 Core and Cobian Backup Software

If you want to use Cobian Backup software on Windows Server 2008 Core, you may have a problem running the Cobian GUI. The standard procedure for running an application on Windows Server 2008 Core is to type the name of its executable file from the installation directory on the command line:

  cbInterface.exe

In this case, Cobian Backup Software didn't show its interface. You need to use the -m parameter to solve this problem:

  cbInterface.exe -m